The Photon operating system YUM repository must cryptographically verify the authenticity of all software packages during installation.

An XCCDF Rule

Description

<VulnDiscussion>Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. Cryptographically verifying the authenticity of all software packages during installation ensures the software has not been tampered with and has been provided by a trusted vendor.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256532r887270_rule
Severity: Medium
References: CCI-001749
Updated: 20 days ago

Open the file where "gpgcheck" is not set to "1" with a text editor.

Remove any existing "gpgcheck" setting and add the following line at the end of the file:

gpgcheck=1

The Photon operating system YUM repository must cryptographically verify the authenticity of all software packages during installation.

Description

Remediation - Manual Procedure